Electronic interactions and transactions involving physically distant entities are becoming increasingly prevalent and is the basis of many commercial and non-commercial human interactions. Accordingly, security of such electronic transactions is becoming of increasing importance and a number of techniques have been developed to address such issues.
For example, online shopping over the Internet has in the latter years grown to become a substantial part of the economy. Such transactions need to be secure and resistant to security attacks. Such attacks include:
1. Eavesdropping meaning that attackers listen to the messages during their transport without the source or destination knowing.
2. Tampering meaning that attackers modify the messages in transport without being noticed by the receiver.
3. Impersonation is said to happen when a malicious party pretends to be the legitimate sender of the message and deceives the receiver to treat it as from the legitimate sender.
4. Replay attack covers intercepting a message and replaying it at later time without the receiver realising that it has been received more than once.
Furthermore, wireless and mobile communication has become increasingly widespread with a number of different communication systems providing different services and offering different advantages and characteristics. For example, cellular communication systems, such as GSM or UMTS, and Wireless Local Area Networks, such as IEEE 802.11 systems, have become commonplace and may provide the users with different access points to e.g. the Internet.
In order to facilitate and provide a coherent user experience, it is desirable to implement seamless mobility where it is possible for an end-user to seamlessly roam between different access networks without the user needing to take any action or even being aware of which access network is used. Seamless mobility for a terminal can be achieved via specific protocols and functionalities at the terminal and network side.
However, it is desirable to extend seamless mobility to the end-user rather than merely to a user terminal. Thus, it is desirable to enable an end-user to roam among different end-user terminals and networks while maintaining session continuity.
The user may specifically use a personal access network wherein different communication devices can be used to form the access point. Such a network can include elements such as a cellular subscriber unit, a cordless phone, a TV receiver, a digital audio receiver, a Personal Computer (PC) etc. Thus a number of different communication devices can be used to deliver a desired service.
However, such a scenario has significant impact on security aspects and requires additional functionality to ensure that secure communications and transactions can take place.
In particular, it is insufficient to merely authenticate a communication device providing a current access but rather it is desirable to authenticate the end-user itself. Thus, from the network perspective, a peer authentication guaranteeing that an authorized user is using an authorized device for consuming a specific service and authorizing a specific transaction should be provided.
Although, it is typically relatively straightforward to implement functionality allowing a communication device to be authenticated, a secure, reliable and user friendly user authentication is generally difficult to achieve.
Specifically, it has been proposed that user authentication may be achieved by a user entering a secret password. However, as human users are incapable of memorizing long cryptographic secrets, authentication methods based on human memory (passwords) lack sufficient cryptographic strength.
It has also been proposed to use a hardware element to store user security credentials that can be used for authenticating the user. However, such an approach is impractical as it requires the user to carry and use the hardware whenever user authentication is required. Furthermore, the approach does not provide sufficient security and personalization as the basic hardware element can be used by different people. For example a Subscriber Identity Module (SIM) for a mobile phone can be used by many users.
Thus, before such a hardware element can be used to authenticate a user towards the network, it needs to verify that the user is indeed the legitimate user. For mobile cellular communication systems, it has been proposed to combine the use of a SIM card with a personal four-digit PIN code as a way of personalizing the SIM card. Specifically, the user types a PIN code on the device carrying the SIM card as a way of verifying the identity to the device. However, a problem with this approach is that PIN codes are not considered cryptographically strong. Furthermore, once the PIN number has been provided by the legitimate user, the device becomes usable by anybody.
In U.S. Pat. No. 6,703,918, an end-user authentication method is described which uses a specific device worn by the end-user. The specific device communicates with an access point over a wireless communication link. However, the communication between the specific device and the access point is not cryptographically secure and therefore the system does not provide an optimal user authentication. Specifically, the described system will be sensitive to active security attacks such as replay attacks or monitoring/detection of signals transmitted over the wireless communication link.
Hence, an improved system for user authentication would be advantageous and in particular a system allowing improved security, facilitated operation and/or improved performance would be advantageous.